apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "graphql.fullname" . }}
  labels:
    {{- include "graphql.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "graphql.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "graphql.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "graphql.serviceAccountName" . }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
          - name: AFFINE_PRIVATE_KEY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.global.secret.secretName }}"
                key: key
          - name: NODE_ENV
            value: "{{ .Values.env }}"
          - name: NODE_OPTIONS
            value: "--max-old-space-size=4096"
          - name: NO_COLOR
            value: "1"
          - name: DEPLOYMENT_TYPE
            value: "affine"
          - name: SERVER_FLAVOR
            value: "graphql"
          - name: AFFINE_ENV
            value: "{{ .Release.Namespace }}"
          - name: DATABASE_PASSWORD
            valueFrom:
              secretKeyRef:
                name: pg-postgresql
                key: postgres-password
          - name: DATABASE_URL
            value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.url }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
          - name: REDIS_SERVER_ENABLED
            value: "true"
          - name: REDIS_SERVER_HOST
            value: "{{ .Values.global.redis.host }}"
          - name: REDIS_SERVER_PORT
            value: "{{ .Values.global.redis.port }}"
          - name: REDIS_SERVER_USER
            value: "{{ .Values.global.redis.username }}"
          - name: REDIS_SERVER_PASSWORD
            valueFrom:
              secretKeyRef:
                name: redis
                key: redis-password
          - name: REDIS_SERVER_DATABASE
            value: "{{ .Values.global.redis.database }}"
          - name: AFFINE_SERVER_PORT
            value: "{{ .Values.service.port }}"
          - name: AFFINE_SERVER_SUB_PATH
            value: "{{ .Values.app.path }}"
          - name: AFFINE_SERVER_HOST
            value: "{{ .Values.app.host }}"
          - name: AFFINE_SERVER_HTTPS
            value: "{{ .Values.app.https }}"
          - name: ENABLE_R2_OBJECT_STORAGE
            value: "{{ .Values.app.objectStorage.r2.enabled }}"
          - name: ENABLE_CAPTCHA
            value: "{{ .Values.app.captcha.enabled }}"
          - name: FEATURES_EARLY_ACCESS_PREVIEW
            value: "{{ .Values.app.features.earlyAccessPreview }}"
          - name: FEATURES_SYNC_CLIENT_VERSION_CHECK
            value: "{{ .Values.app.features.syncClientVersionCheck }}"
          - name: MAILER_HOST
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.mailer.secretName }}"
                key: host
          - name: MAILER_PORT
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.mailer.secretName }}"
                key: port
          - name: MAILER_USER
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.mailer.secretName }}"
                key: user
          - name: MAILER_PASSWORD
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.mailer.secretName }}"
                key: password
          - name: MAILER_SENDER
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.mailer.secretName }}"
                key: sender
          - name: STRIPE_API_KEY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.payment.stripe.secretName }}"
                key: stripeAPIKey
          - name: STRIPE_WEBHOOK_KEY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.payment.stripe.secretName }}"
                key: stripeWebhookKey
          - name: DOC_MERGE_INTERVAL
            value: "{{ .Values.app.doc.mergeInterval }}"
          {{ if .Values.app.experimental.enableJwstCodec }}
          - name: DOC_MERGE_USE_JWST_CODEC
            value: "true"
          {{ end }}
          {{ if .Values.app.objectStorage.r2.enabled }}
          - name: R2_OBJECT_STORAGE_ACCOUNT_ID
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.objectStorage.r2.secretName }}"
                key: accountId
          - name: R2_OBJECT_STORAGE_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.objectStorage.r2.secretName }}"
                key: accessKeyId
          - name: R2_OBJECT_STORAGE_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.objectStorage.r2.secretName }}"
                key: secretAccessKey
          {{ end }}
          {{ if .Values.app.captcha.enabled }}
          - name: CAPTCHA_TURNSTILE_SECRET
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.captcha.secretName }}"
                key: turnstileSecret
          {{ end }}
          {{ if .Values.app.copilot.enabled }}
          - name: COPILOT_OPENAI_API_KEY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.copilot.secretName }}"
                key: openaiSecret
          - name: COPILOT_FAL_API_KEY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.copilot.secretName }}"
                key: falSecret
          - name: COPILOT_UNSPLASH_API_KEY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.copilot.secretName }}"
                key: unsplashSecret
          {{ end }}
          {{ if .Values.app.oauth.google.enabled }}
          - name: OAUTH_GOOGLE_ENABLED
            value: "true"
          - name: OAUTH_GOOGLE_CLIENT_ID
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.oauth.google.secretName }}"
                key: clientId
          - name: OAUTH_GOOGLE_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.oauth.google.secretName }}"
                key: clientSecret
          {{ end }}
          {{ if .Values.app.oauth.github.enabled }}
          - name: OAUTH_GITHUB_CLIENT_ID
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.oauth.github.secretName }}"
                key: clientId
          - name: OAUTH_GITHUB_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.app.oauth.github.secretName }}"
                key: clientSecret
          {{ end }}
          ports:
            - name: http
              containerPort: {{ .Values.service.port }}
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
